Setup

To enable this integration, you must set up both InsightVM and Secret Server.

Setting Up InsightVM

You must have a valid user account to set up InsightVM for integration. This user is used to access and update shared credentials. The user must have the Global Administrator role. For information about creating a user in InsightVM, see the Rapid7 InsightVM documentation.

You must also create shared credentials for each secret that you want to synchronize from Secret Server. Make sure that you select the Microsoft Windows/Samba (SMB/CIFS) authentication service for the shared credentials in InsightVM. For details of creating shared credentials, see the InsightVM documentation.

Setting Up Secret Server

To set up Secret Server for the integration, you must do the following in Secret Server:

  • Specify a folder to store the secrets that you want to synchronize to Rapid7 InsightVM.

  • Create secrets that you want to synchronize to InsightVM.

  • Create an application user. This user is used to access the Secret Server APIs to retrieve secrets.

  • Create a secret for the InsightVM user. This secret is meant to store the credentials of the InsightVM user and the URL of InsightVM. Secret Server uses these credentials to authenticate with the InsightVM APIs during synchronization of secrets.

To set up Secret Server for the integration:

  1. Create a folder to store Rapid7 secrets.

    For information about creating folders, see the Secret Server documentation.

  2. In the folder, create the secrets that you want to synchronize to InsightVM.

    The secrets must use the Windows Account template. For each secret, set the fields in the Create New Secret page as follows. To save the password, select Create Secret.

    • Secret name: A descriptive name to identify the secret.

    • Machine: The URL of your InsightVM instance.

    • User name: The username from the corresponding credentials in InsightVM.

    • Password: The password from the credentials in InsightVM.

    • Site: Select the site that the secret belongs to.

    • (Optional) Auto Change Enabled: Select this checkbox to enable automatic remote password changing (RPC) for the secret.

    For details about creating secrets, see the Secret Server documentation.

  3. Create an application user in Secret Server. In the Add user dialog, make sure that you select the Application Account checkbox.

    For information about creating users, see the Secret Server documentation.

  4. Grant the View permission to the application user on the folder’s Permissions tab.

    This permission grants the user access to both the folder and the secrets it stores. For information about granting folder permissions to a user, see the Secret Server documentation.

  5. Under the same folder, create a secret for the InsightVM user.

    You must use the Web Password template for this secret. In the Create New Secret page, provide the following information. To save the new secret, select Create Secret.

    • Secret Name: The name of the secret to help identify it.

    • URL: The URL of your InsightVM instance.

    • Username: The username of the InsightVM user.

    • Password: The password of the InsightVM user.

    • Site: Leave the default site.

    • Auto Change Enabled: Clear this checkbox.

    For information about creating secrets, see the Secret Server documentation.
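
A pre-flight check of the finished folder against steps 1 to 5, as an added example that is not part of the Secret Server or InsightVM documentation. The dictionary layout, the user name svc-rapid7-sync and the example.test URL are hypothetical, and flagging permissions beyond View is this example's own least-privilege assumption (the steps above only require View).

```python
# Hypothetical hand-built folder description; not a Secret Server API response format.
SYNC_TEMPLATE = "Windows Account"
SERVICE_TEMPLATE = "Web Password"
SYNC_FIELDS = ("Machine", "User name", "Password")
SERVICE_FIELDS = ("URL", "Username", "Password")


def audit_folder(folder, app_user):
    """Return findings; an empty list means the folder matches the setup steps."""
    findings = []
    perms = folder["permissions"].get(app_user, set())
    if "View" not in perms:
        findings.append(f"{app_user}: missing View permission on folder")
    extra = sorted(perms - {"View"})
    if extra:  # least-privilege check assumed by this example
        findings.append(f"{app_user}: holds more than View: {extra}")
    service = [s for s in folder["secrets"] if s["template"] == SERVICE_TEMPLATE]
    if len(service) != 1:
        findings.append(f"expected 1 {SERVICE_TEMPLATE} secret, found {len(service)}")
    for s in folder["secrets"]:
        name = s["name"]
        if s["template"] == SERVICE_TEMPLATE:
            required = SERVICE_FIELDS
            if s.get("auto_change"):
                findings.append(f"{name}: Auto Change must be cleared")
        elif s["template"] == SYNC_TEMPLATE:
            required = SYNC_FIELDS
        else:
            findings.append(f"{name}: unexpected template {s['template']!r}")
            continue
        for field in required:
            if not s["fields"].get(field):
                findings.append(f"{name}: empty field {field}")
    return findings


# Constructed sample input.
SAMPLE = {
    "permissions": {"svc-rapid7-sync": {"View", "Edit"}},
    "secrets": [
        {"name": "win-scan-01", "template": SYNC_TEMPLATE, "auto_change": True,
         "fields": {"Machine": "https://ivm.example.test", "User name": "scan01", "Password": "x"}},
        {"name": "insightvm-user", "template": SERVICE_TEMPLATE, "auto_change": True,
         "fields": {"URL": "https://ivm.example.test", "Username": "ivm-sync", "Password": ""}},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit_folder(SAMPLE, "svc-rapid7-sync")))
```

Auto Change on the Windows Account secret is not flagged because step 2 lists it as optional; only the Web Password secret for the InsightVM user must have it cleared.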